#!/bin/bash

# --workdir: work directory
# --tlsdir: certificates directory

set -e

OUT_DIR=
TLS_DIR=

while [[ ${1} ]]; do
	case "${1}" in
	--workdir)
		OUT_DIR=${2}
		shift
		;;
	--tlsdir)
		TLS_DIR=${2}
		shift
		;;
	*)
		echo "Unknown parameter: ${1}" >&2
		exit 1
		;;
	esac

	if ! shift; then
		echo 'Missing parameter argument.' >&2
		exit 1
	fi
done

CUR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
source $CUR/../_utils/test_prepare

cd $OUT_DIR && echo "start tidb cluster in $OUT_DIR"

cat - >"$OUT_DIR/pd-config-tls.toml" <<EOF
[replication]
# The number of replicas for each region.
max-replicas = 1
[security]
cacert-path = "$TLS_DIR/ca.pem"
cert-path = "$TLS_DIR/server.pem"
key-path = "$TLS_DIR/server-key.pem"
EOF

echo "Starting TLS PD..."
pd-server --version
pd-server \
	--client-urls https://${TLS_PD_HOST}:${TLS_PD_PORT} \
	--peer-urls https://${TLS_PD_HOST}:${TLS_PD_PEER_PORT} \
	--config "$OUT_DIR/pd-config-tls.toml" \
	--log-file "$OUT_DIR/pd_tls.log" \
	--data-dir "$OUT_DIR/pd_tls" &

# wait until PD is online...
while ! curl --cacert $TLS_DIR/ca.pem \
	--cert $TLS_DIR/client.pem \
	--key $TLS_DIR/client-key.pem \
	-o /dev/null -sf https://${TLS_PD_HOST}:${TLS_PD_PORT}/pd/api/v1/version; do
	sleep 1
done

while [ -z "$(curl --cacert $TLS_DIR/ca.pem \
	--cert $TLS_DIR/client.pem \
	--key $TLS_DIR/client-key.pem \
	https://${TLS_PD_HOST}:${TLS_PD_PORT}/pd/api/v1/health 2>/dev/null | grep 'health' | grep 'true')" ]; do
	sleep 1
done

# Tries to limit the max number of open files under the system limit
cat - >"$OUT_DIR/tikv-config-tls.toml" <<EOF
[storage]
# Disable creating a large temp file.
reserve-space = "0MB"
[rocksdb]
max-open-files = 4096
[raftdb]
max-open-files = 4096
[raftstore]
# true (default value) for high reliability, this can prevent data loss when power failure.
sync-log = false
[security]
ca-path = "$TLS_DIR/ca.pem"
cert-path = "$TLS_DIR/server.pem"
key-path = "$TLS_DIR/server-key.pem"
EOF

# tidb server config file
cat - >"$OUT_DIR/tidb-config-tls.toml" <<EOF
socket = "/tmp/tidb-tls.sock"
split-table = true
alter-primary-key = true
new_collations_enabled_on_first_bootstrap = true
[security]
ssl-ca = "$TLS_DIR/ca.pem"
ssl-cert = "$TLS_DIR/server.pem"
ssl-key = "$TLS_DIR/server-key.pem"
cluster-ssl-ca = "$TLS_DIR/ca.pem"
cluster-ssl-cert = "$TLS_DIR/server.pem"
cluster-ssl-key = "$TLS_DIR/server-key.pem"
EOF

echo "Starting TLS TiKV..."
tikv-server --version
# Uncomment to turn on grpc versbose log.
# GRPC_VERBOSITY=debug \
# GRPC_TRACE=server_channel,call_error,handshaker,tsi \
tikv-server \
	--pd ${TLS_PD_HOST}:${TLS_PD_PORT} \
	-A ${TLS_TIKV_HOST}:${TLS_TIKV_PORT} \
	--status-addr ${TLS_TIKV_HOST}:${TLS_TIKV_STATUS_PORT} \
	--log-file "$OUT_DIR/tikv_tls.log" \
	-C "$OUT_DIR/tikv-config-tls.toml" \
	-s "$OUT_DIR/tikv_tls" &>$OUT_DIR/tikv_tls.stdout &

sleep 2

echo "Starting TLS TiDB..."
tidb-server -V
tidb-server \
	-P ${TLS_TIDB_PORT} \
	-config "$OUT_DIR/tidb-config-tls.toml" \
	--store tikv \
	--path ${TLS_PD_HOST}:${TLS_PD_PORT} \
	--status=${TLS_TIDB_STATUS} \
	--log-file "$OUT_DIR/tidb_tls.log" &

echo "Verifying TLS TiDB is started..."
i=0
while ! mysql -uroot -h${TLS_TIDB_HOST} -P${TLS_TIDB_PORT} --default-character-set utf8mb4 -e 'select * from mysql.tidb;'; do
	i=$((i + 1))
	if [ "$i" -gt 60 ]; then
		echo 'Failed to start upstream TiDB'
		exit 2
	fi
	sleep 2
done

run_sql "update mysql.tidb set variable_value='60m' where variable_name='tikv_gc_life_time';" ${TLS_TIDB_HOST} ${TLS_TIDB_PORT} \
	--ssl-ca=$TLS_DIR/ca.pem \
	--ssl-cert=$TLS_DIR/server.pem \
	--ssl-key=$TLS_DIR/server-key.pem

echo "Starting CDC state checker..."
cd $CUR/../../utils/cdc_state_checker
if [ ! -f ./cdc_state_checker ]; then
	GO111MODULE=on go build
fi
./cdc_state_checker -pd https://${TLS_PD_HOST}:${TLS_PD_PORT} \
	-ca $TLS_DIR/ca.pem \
	-cert $TLS_DIR/server.pem \
	-key $TLS_DIR/server-key.pem >$OUT_DIR/cdc_etcd_check.log &
cd $OUT_DIR
